Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Unix Lama
v1.0.0
Pay-per-use AI gateway for 19 models across 5 providers via Bitcoin Lightning. No API keys, no account — pay sats, get inference. Supports Anthropic, OpenAI,...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The skill description and SKILL.md describe a network-facing client for https://lightningprox.com that requires no local credentials. However, the package includes a complete server implementation (main.go, README build instructions, .env configuration) which expects multiple provider API keys (Anthropic, OpenAI, Together, Mistral, Gemini, OpenNode) and default configuration (TOKEN_DB_PATH defaulting to /root/unix-lama/tokens.db). Including server source is not inherently malicious, but it is unexpected for a client-only skill and increases the attack surface and operational complexity.
Instruction Scope
The SKILL.md runtime instructions are narrowly scoped: they show HTTP requests to https://lightningprox.com (POST /v1/messages, /topup, /api/capabilities) and header-based auth (X-Spend-Token or L402 macaroon). The instructions do not tell the agent to read local files, access unrelated environment variables, or exfiltrate data. They remain within the stated purpose of calling the remote gateway.
Install Mechanism
There is no install spec; the skill is instruction-only from the runtime perspective, which is low-risk. However, the package ships source code and build instructions for a server (go build). Because nothing is automatically installed, the risk is limited unless a user explicitly builds/runs the included server code.
Credentials
Although SKILL.md declares no required environment variables, the included source and README expect numerous API keys and configuration values (ANTHROPIC_API_KEY, OPENAI_API_KEY, TOGETHER_API_KEY, MISTRAL_API_KEY, GEMINI_API_KEY, OPENNODE_API_KEY, TOKEN_DB_PATH, etc.). These are unrelated to simply using the remote endpoint and would be sensitive only if the server were run. The TokenStore defaults to /root/unix-lama/tokens.db, so building and running the server without overriding TOKEN_DB_PATH would create the database under /root — an unexpected and high-privilege default.
Persistence & Privilege
While the skill is not force-installed (always:false) and does not request persistent presence, the included server code, if executed, will create/alter SQLite databases, write spend tokens, store payment preimages and payment hashes, and create indexes. Default DB path under /root and SQL ALTER TABLE calls in startup/migration code mean running the server could modify disk state and store sensitive payment data. The package does not modify other skills, but running it as provided could require elevated file-system access.
What to consider before installing
SKILL.md itself is a simple client to a public endpoint (https://lightningprox.com) and does not require credentials — using it to call the remote API with a spend token is low-risk. However, this package also contains a full server (main.go) and README with build/config instructions that expect many provider API keys and default to storing a tokens DB at /root/unix-lama/tokens.db. Before doing anything with the included source:
1) Treat the server code as separate from the client docs — you only need the docs to call the remote API.
2) Do NOT build or run main.go on a machine you care about unless you review the code and change defaults (especially TOKEN_DB_PATH) and run as a non-root user.
3) If you plan to self-host, audit how payment preimages and API keys are stored/rotated (preimages in DB are sensitive).
4) Verify the legitimacy of the homepage and operator (LPX Digital Group LLC) independently before providing any provider API keys or making payments.
5) If unsure, interact with the remote endpoint only from a sandboxed environment or use a disposable account/token; avoid running the included server binary without a security review.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97528ksqkr8ar550jcz4bnk7n84ak07
